Seriously how much brain power does it take to change a url parameter or number.
How many brain cells, amost zero one is required to have to be classified as a hacker now days.
versus those who can't desgin full stop.
Their system is flawed and they must just design better systems and get with the times.
To threat legal action for not know what they doing in the first place is just lamo.
I mean us as kids have been doing this for years.. Wake up call
In the first place search engines bots actually do pattern detection in urls and will then start generating
parameters for urls to full index websites, this been the case for years now!!!
with regards to the original artical on myboardband.
If you don't need to put a password into the document, page what ever the url returns
then you have acess to it! Evern if you have authenticated as someone else, the system
shoudl ensure you don't have acess to it.
If you don't want someone to have acess then return Error code or display a page content not found.
The rule of the web is if you can type in a url and it returns content
then it is allowed to be acessed. Even if you are authenticated as someone else it is the responsibility
of the system administator and designer to ensure that the end user can never acess anything
that he is not allowed to.
Let me desgin a machine and say we dont put a safty cage over all the motors and saw blades
and then say it the operators falt because he got to close. I dont think you let that fly
so why must we let infera, flawed websites like this fly in the first place!!